
1 Technical Perspective
Scott Schnoll
MCT • MCSE • MCSA • MCP • Microsoft MVP
Product Support Manager • TNT Software
President – NOBUG

2 Technical Perspective
Windows Server 2003 Family
OOBE
IIS 6.0
Feature Highlights
Upgrading
.NET Framework
XML Web Services
Q & A
DISCLAIMER: INFORMATION CURRENT AS OF JAN 2003 BUT IS SUBJECT TO CHANGE

3 Windows Server 2003
Upcoming Windows Server Family Products
Windows Server 2003 Web Edition
Windows Server 2003 Standard Edition
Windows Server 2003 Enterprise Edition
Windows Server 2003 Datacenter Edition
Compare Editions at:
Anticipated Release: April 24, 2003 (S.F., CA)

4 System Requirements
Minimum: CPU: Pentium 133*; RAM: 128MB**; Disk: 1.5GB (x86), 2.0GB (Itanium)
Recommended: CPU: 550MHz or greater; RAM: 256MB or more; Disk: 2.5GB or more
*Datacenter requires minimum of 400MHz for x86 systems. Datacenter and Enterprise require minimum of 733MHz for Itanium systems.
**Datacenter requires 512MB RAM minimum.

5 Web Edition
New SKU targeted at ISPs/ASPs/Web Farms
Only available via selected Partner channels; not available via Retail channel
Native ASP.NET & .NET Framework
2-way SMP
2GB Memory
Network Load Balancing
Single VPN connection
SMB Connection Limit – 10 concurrent
Per seat: No CALs required
Blocks mainstream messaging, database apps

6 Web Edition
Disabled/Unavailable Services and Features
Enterprise UDDI Services
Removable and Remote Storage
FAX Service
Services for Macintosh (File/Print)
DCPromo
Certificate Services
Terminal Services – Application Mode
Windows Media Service
Itanium/64-bit support
Cluster Service
MMS
RIS
Internet Connection Sharing/Internet Connection Firewall
PKI/Smart Cards (client-side only)

7 Standard Edition
Includes features in Web Edition, plus:
Enterprise UDDI Services (requires MSDE or SQL Server 2000 w/SP3 or later; directory used by applications to locate web services)
Internet Authentication Service (50 RADIUS servers max; unlimited users)
Internet Connection Firewall (LAN, VPN & PPPoE)
Internet Connection Sharing
Network Bridge
4-way SMP
4GB memory
Can be DC/GC

8 Standard Edition
Disabled/Unavailable Services & Features
Itanium/64-bit support
Cluster Service
Terminal Server Session Directory
MMS

9 Enterprise Edition
Moving from ‘Advanced’ back to ‘Enterprise’
Includes features in Standard Edition, plus:
Server Clusters (8 nodes!)
Supports Itanium Processors
8-way SMP
32GB memory (x86); 64GB memory (Itanium)
Integration with Microsoft Metadirectory Services
Hot-Add Memory*
Non-Uniform Memory Access (NUMA)*
Terminal Services Session Directory (NLB, F5, Radware)
Windows System Resource Manager
*Requires OEM hardware support

10 Datacenter Edition
Only available from Datacenter OEMs
Includes features in Enterprise Edition, plus:
64-way SMP
64GB memory (x86); 512GB memory (Itanium)
Windows Sockets: Direct access for SANs (Winsock Direct)

11 OOBE
Windows XP-style Setup Wizard
Some familiar Windows 2000 dialogs
Compatibility checks
Dynamic Update
DCPromo after setup
Need to run ADPrep tool (/forestprep and /domainprep) to prepare Windows 2000 AD
IIS NOT installed by default
GetVersionEx() API identifies as NT 5.2

12 OOBE

13 OOBE
Additional Configuration Elements
Remote Assistance/Remote Desktop
Automatic Updates
Themes/Appearance
Windows Update
.NET Framework Configuration
FPSE 2002/SharePoint Administration
Product Activation: Volume license customers do not activate; non-volume license customers have 30 days

14 OOBE
More secure out of box
Services run with Limited User Access (instead of admin)
Significantly Reduced Attack Surface
Many things turned off by default
More conservative default settings
Reliability improved across the board
Every single line of code reviewed

15 IIS 6.0
Nearly 100% completely re-written
Stack Overrun detection
Components added/removed via Add or Remove Programs in Control Panel
IIS Lockdown Tool built-in and called ‘Web Service Extensions’
.NET Passport Integration

16 IIS 6.0 – WWW Service
Includes health monitoring, fault-tolerance and error detection
Request Processing
IIS 5.0 has a single process (inetinfo) that farms out requests to out-of-process applications (dllhost’s)
IIS 6.0 splits this functionality across two new components:
HTTP.SYS (kernel-mode listener)
WWW Service Administration and Monitoring (user-mode admin tool)
On a test server w/8 CPUs, IIS 6.0 showed a 100% performance gain over IIS 5.0 on the same hardware

17 IIS 6.0 – WWW Service
Web Administration Service (WAS)
Part of core WWW Service
Handles configuration changes and process management
Loads configuration from IIS metabase on startup
Responsible for life cycle of worker processes: when to start, when to recycle, when to restart

18 IIS 6.0 – HTTP.SYS/KM Queuing
Uses Worker Processes and Application Pools
Worker process executable (w3wp.exe) loads WWW service DLL into its working set to perform loading/unloading of ISAPI modules and for authorization and authentication
HTTP.sys listens for requests and routes them to the appropriate application pool queue
Application Pool is nothing more than an HTTP.sys queue and at least one worker process
Application pools serve requests for a unique Web application

19 IIS 6.0 – HTTP.SYS/KM Queuing
Prevents third-party code from crashing IIS
Failed worker processes automatically restarted
There may be a temporary disruption in the processing of a request, but the request will be processed, and end-user experience is preserved

20 IIS 6.0 – Worker Process Isolation
Isolation mode introduced in IIS 4.0
No more in-process applications
Admins create Application Pools: a set of web applications that share one or more worker processes
Application pools separated by process boundaries
Can move running applications between application pools
Application Pool ≈ Namespace Group

21 IIS 6.0 – Worker Process Isolation
Prevents worker process from harming IIS
Eliminates lots of reboots
Enables live debugging/development
Self-healing (checks for faults, leaks, hangs, etc.)
Treats ‘applications’ as unit of administration
Patches can be applied without interruption in service
IIS 5.0 Isolation Mode: backward compatibility; same as IIS 5.0, but shoehorns into IIS 6.0 HTTP.SYS model

22 IIS 6.0 – Worker Process Isolation
[Diagram: HTTP.sys feeds an Application Pool of Worker Processes, each hosting ISAPI Extensions and ISAPI Filters, managed by WWW Service Administration and Monitoring]

23 IIS 6.0 – FTP Service
FTP User Isolation
Like a ‘home directory’ for FTP users
Isolates their folder from other users’ folders
User’s top-level folder appears as root of FTP
Configurable PASV Port Range
PASV requires add’l connection (formerly ephemeral port but now configurable)
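
The following Python script is an added example, not code from the slides or from IIS: it shows what FTP user isolation has to guarantee, namely that every virtual path a logged-on user sends resolves inside that user's own top-level folder and that a `..` sequence cannot reach another user's folder. The `LocalUser\<user>`, `<Domain>\<user>` and `LocalUser\Public` layout under the FTP root is assumed to match the IIS 6.0 isolation mode; the root path and user names are constructed sample values.

```python
# Added example (not from the slides or from IIS): resolves the isolated home
# folder for an FTP user and refuses any virtual path that would escape it.
# The LocalUser\<user>, <Domain>\<user> and LocalUser\Public layout is an
# assumption about IIS 6.0 "isolate users" mode; all paths are made up.
import ntpath

FTP_ROOT = r"C:\Inetpub\ftproot"   # constructed sample root


def isolated_home(ftp_root, username, anonymous=False):
    """Physical folder that this user sees as '/' after logging on."""
    if anonymous:
        return ntpath.join(ftp_root, "LocalUser", "Public")
    if "\\" in username:                       # DOMAIN\user -> <root>\DOMAIN\user
        domain, user = username.split("\\", 1)
        return ntpath.join(ftp_root, domain, user)
    return ntpath.join(ftp_root, "LocalUser", username)


def resolve(ftp_root, username, virtual_path, anonymous=False):
    """Map an FTP virtual path to a normalized physical path.

    Raises PermissionError when '..' (or any other normalization) would land
    outside the user's isolated home, i.e. in another user's folder.
    """
    home = ntpath.normcase(isolated_home(ftp_root, username, anonymous))
    relative = virtual_path.replace("/", "\\").lstrip("\\")
    physical = ntpath.normcase(ntpath.normpath(ntpath.join(home, relative)))
    if physical != home and not physical.startswith(home + "\\"):
        raise PermissionError(f"{virtual_path!r} escapes {home}")
    return physical


def is_confined(ftp_root, username, virtual_path, anonymous=False):
    """True when the request stays inside the user's isolated folder."""
    try:
        resolve(ftp_root, username, virtual_path, anonymous)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    for user, path in [("alice", "/docs/report.txt"), ("alice", "/../bob/secret.txt")]:
        print(user, path, "->", "confined" if is_confined(FTP_ROOT, user, path) else "REJECTED")
```

The check compares normalized, case-folded paths and requires either equality with the home folder or a prefix that ends in a path separator, so `LocalUser\alice2` is not mistaken for a child of `LocalUser\alice`.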

24 IIS 6.0 – Security
Ships in locked down state – only static content can be served
New lower privilege service account (low privilege user context)
ASP more secure (always run as a low-privileged account – anonymous user)
Auto-rejects requests for unknown file extensions
More aggressive timeouts, limits on uploads, etc. to further harden against attacks
Buffer overflow protection
File verification before passing file requests to request handler (e.g., ISAPI extension)

25 IIS 6.0 – Metabase
XML format
Can be edited while IIS is running
Improved backup/restore
Extensible schema
Backward compatible with metabase APIs and ADSI
Smaller footprint, faster reading
Configuration rollback
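
As an added example that ties slides 15, 24 and 25 together (it is not code from the slides or from Microsoft), the Python script below reads a constructed MetaBase.xml fragment and applies the gating those slides describe: a request for a mapped extension is handed to its ISAPI only if that binary is Allowed in the Web Service Extensions list, a request for a static extension is served only if a MIME type is registered for it, and everything else is rejected. The attribute names (`WebSvcExtRestrictionList`, `ScriptMaps`, `MimeMap`) and their comma-separated, CR/LF-delimited field layout are assumptions about the IIS 6.0 file format; every path and value in the fragment is made up.

```python
# Added example (not from the slides or from Microsoft): models IIS 6.0's
# request gating from a constructed MetaBase.xml fragment. The attribute
# names and their field layouts are assumptions about IIS 6.0; every path
# and value below is made-up sample data.
import ntpath
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed fragment. Multi-valued attributes separate entries with CR LF,
# written as &#xD;&#xA; so the XML parser preserves them.
METABASE_XML = r"""<configuration><MBProperty>
<IIsWebService Location="/LM/W3SVC"
  WebSvcExtRestrictionList="0,*.dll&#xD;&#xA;0,*.exe&#xD;&#xA;0,C:\WINDOWS\system32\inetsrv\asp.dll,0,ASP,Active Server Pages&#xD;&#xA;1,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,0,ASP.NET v1.1.4322,ASP.NET v1.1.4322&#xD;&#xA;0,C:\WINDOWS\system32\inetsrv\httpext.dll,0,WEBDAV,WebDAV"
  ScriptMaps=".asp,C:\WINDOWS\system32\inetsrv\asp.dll,5,GET,HEAD,POST,TRACE&#xD;&#xA;.aspx,C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll,1,GET,HEAD,POST,DEBUG" />
<IIsMimeMap Location="/LM/MimeMap"
  MimeMap=".htm,text/html&#xD;&#xA;.html,text/html&#xD;&#xA;.gif,image/gif&#xD;&#xA;.css,text/css" />
</MBProperty></configuration>"""


def _entries(value):
    """Split a multi-valued metabase attribute into its CR LF separated items."""
    return [item for item in value.split("\r\n") if item]


@dataclass(frozen=True)
class Policy:
    allowed_isapi: frozenset      # normalized paths of ISAPI binaries set to Allowed
    allowed_wildcards: frozenset  # Allowed wildcard patterns such as "*.dll"
    script_maps: dict             # ".ext" -> normalized ISAPI path
    mime_map: dict                # ".ext" -> content type


def load_policy(xml_text):
    root = ET.fromstring(xml_text)
    svc = root.find(".//IIsWebService")
    mime = root.find(".//IIsMimeMap")
    allowed, wildcards = set(), set()
    for entry in _entries(svc.get("WebSvcExtRestrictionList", "")):
        status, path = entry.split(",")[:2]       # 1 = Allowed, 0 = Prohibited
        if status != "1":
            continue
        (wildcards if path.startswith("*.") else allowed).add(ntpath.normcase(path))
    maps = {}
    for entry in _entries(svc.get("ScriptMaps", "")):
        ext, path = entry.split(",")[:2]
        maps[ext.lower()] = ntpath.normcase(path)
    mimes = {}
    for entry in _entries(mime.get("MimeMap", "")):
        ext, ctype = entry.split(",", 1)
        mimes[ext.lower()] = ctype
    return Policy(frozenset(allowed), frozenset(wildcards), maps, mimes)


def enabled_extensions(policy):
    """Audit view: which ISAPI binaries or patterns may execute at all."""
    return sorted(policy.allowed_isapi | policy.allowed_wildcards)


def route_request(policy, url_path):
    """Return ("static", content_type), ("isapi", dll_path) or ("reject", 404)."""
    ext = ntpath.splitext(url_path.split("?", 1)[0])[1].lower()
    handler = policy.script_maps.get(ext)
    if handler is not None:
        pattern = "*" + ntpath.splitext(handler)[1]
        if handler in policy.allowed_isapi or pattern in policy.allowed_wildcards:
            return ("isapi", handler)
        return ("reject", 404)   # extension is mapped, but its ISAPI is Prohibited
    if ext in policy.mime_map:
        return ("static", policy.mime_map[ext])
    return ("reject", 404)       # unknown extension is not served as static content


if __name__ == "__main__":
    policy = load_policy(METABASE_XML)
    print("enabled:", enabled_extensions(policy))
    for path in ["/default.htm", "/default.asp", "/app/page.aspx?id=1", "/upload.php"]:
        print(path, "->", route_request(policy, path))
```

In the constructed fragment only the ASP.NET ISAPI is Allowed, so `.asp` pages are refused even though a script map exists for them, which is the behaviour the "locked down state" on slide 24 describes; flipping the leading `0` to `1` on the asp.dll entry is the equivalent of enabling that extension in the Web Service Extensions node.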

26 IIS 6.0 – Command Line Tools
iisweb.vbs: Create, delete, start, stop, and list Web sites
iisftp.vbs: Create, delete, start, stop, and list FTP sites
iisvdir.vbs: Create and delete virtual directories, or display the virtual directories of a given root
iisftpdr.vbs: Create, delete, or display virtual directories under a given root
iiscnfg.vbs: Export/import IIS configuration to XML file
iisback.vbs: Backup and restore IIS configuration
iisapp.vbs: List process IDs and application pool IDs for currently running worker processes (W3WP.EXE)
iisext.vbs: Configure Web service extensions

27 IIS 6.0 – Developer Enhancements
ASP.NET and Passport integration
Specify an arbitrary set of buffers/file handles in one client send call: HSE_REQ_VECTOR_SEND (call ServerSupportFunction())
Worker process recycling (tell IIS to recycle process): HSE_REQ_REPORT_UNHEALTHY
Create dynamic request response and serve from kernel: DYNAMIC CACHING (FLAG)
Identify final send in response to reduce kernel/user transitions: FINAL SEND (FLAG)
ISAPI support for custom errors
Improved ISAPI Unicode support
COM+ services in ASP

28 IIS Performance
20,000 pooled applications in IIS6 vs < 3,000 in IIS5
1,000 isolated apps on a single machine, each with its own security identity on IIS6 vs maximum of 100 on IIS5
Support for Web Gardens: a set of equivalent processes on a computer each receive a share of the requests that are normally served by a single process

29 IIS 6.0 – Other
Other services mostly same as IIS 5.0
FTP, SMTP, NNTP still contained within Inetinfo.exe
Disabled after upgrading from NT4 or Windows 2000
Group Policy can be used to prevent rogue IIS installations
Includes MSDE

30 Feature Highlights
Installation
Can be deployed via Remote Installation Services
Setup Manager Wizard – Create Answer Files
Recovery Console can be delivered from RIS
Greater flexibility for answer files (image install can have multiple answer files)
Disk Duplication: Improved SysPrep Tool
Create DCs from replicas (e.g., backup tape) – dcpromo /adv

31 Feature Highlights
POP3 Service
RPC over HTTP
Web-based Server Administration
OOB 10-20% faster than Windows 2000
Core Improvements:
Better scaling for 16 & 32 CPUs
Fewer & shorter locks
Better process cache alignment
Improved memory allocator (needs to be turned on by app in code)
True 64-bit: address space increased from 4GB to 16TB

32 Feature Highlights
Active Directory Functional Levels
Determines what OS DCs can run
Forest:
Windows 2000 (NT/2000/2003) – Default
Windows Server 2003 interim (NT/2003)
Windows Server 2003 (2003)
Domain:
Windows 2000 mixed (NT/2000/2003) – Default
Windows 2000 native (2000/2003)
To raise forest functionality, you must be a member of Enterprise Admins
To raise domain functionality, you must be a member of Domain Admins or Enterprise Admins

33 Feature Highlights
Active Directory
Forest-to-Forest Kerberos transitive trusts
Groups: 5000 member limit gone
Group membership replication improved to per-change level
Attribute added to GC does not trigger full GC replication (Windows Server 2003 forest mode)
DCs can cache Universal Group membership (site level option – only in sites without GC)
Quotas on number of objects that can be owned (Domain Admins & Enterprise Admins exempt)
DNS configuration for DCPromo improved (error-checking, error messages, self-healing)

34 Feature Highlights

35 Feature Highlights
Active Directory
Schema Version 30 (RC2)
Domain rename (including forest root)
DC rename
Bulk load via multi-threaded utility
Reset DS Restore password while DC online
ADUC Improvements:
Object-oriented searches
Saved Queries support in ADU&C
Multi-select and edit in ADU&C
Drag and Drop in ADU&C

36 Feature Highlights
Active Directory
Support for inetOrgPerson class (RFC 2798) as a security principal with UI support
Application Partitions provide administrator-defined contexts for replication of data used by applications, on targeted DCs (e.g., DNS, DHCP, RAS, RADIUS, etc.)
ADMT v2 in the box: provides user, group, computer migrations to Windows 2003 AD from NT 4, Win2k AD, or Windows 2003 AD. Includes passwords, scriptable, great cookbook and training docs.
Lingering Objects Removal – scavenger for garbage AD entries
Option to disable site-site replication compression (reduces CPU usage on DCs)
Major KCC-ISTG performance improvements (Windows Server 2003 forest level)

37 Feature Highlights
Active Directory
Dynamic Entries w/TTL values (RFC 2589)
LDAP connections over TLS (RFC 2830)
Digest authentication for LDAP connections using DIGEST-MD5 SASL (RFC 2829)
Virtual List Views (as defined by IETF LDAP extensions working group)
Schema Objects can be deactivated

38 Feature Highlights
Active Directory in Application Mode (AD/AM)
AD outside of LSASS process (i.e., not an OS service)
Is not deployed on DC
Supports multiple instances on single box
Still uses Windows security (NT/NOS AD domain)
Targeted at specific deployment scenarios:
Applications that need simple app directory
For directory developers, quick build/destroy
Extranets
Migrations
Enables apps to store private directory data relevant only to that app without configuration in a NOS directory
Runs on Windows XP, Windows Server 2003 Standard, Enterprise and Datacenter

39 Feature Highlights
High-Availability
Automated System Recovery (w/cluster support) – F2
Last resort, but could save your system (not your data)
Creates backup + ASR floppy for recovery
Hot-plug PCI (limited)
Memory mirroring (Datacenter)
Reboot Reason Collector (Shutdown Event Tracker)
Emergency Management Services: out-of-band, headless management

40 Feature Highlights
Clustering
8 nodes in Enterprise/Datacenter
Models: Single Node (Local Quorum); Single Quorum Device (Traditional Server Clusters); Majority Node Set
Print Drivers install for all nodes
Kerberos support for Virtual Servers
Multicast heartbeat
WMI support for management and events
NLB: Per virtual server/IP port rules (affinity, etc.)
NLB manager allows central config of NLB settings across a cluster

41 Feature Highlights
File System / Storage
Performance Improvements:
Chkdsk 2x faster than Win2K
File system I/O 100% - 139% faster than Windows 2000
Diskpart (command line disk management)
Simple web-UI management
NTFS read-only volumes
WebDAV Redirector
Improved SAN Support:
SAN support (iSCSI)
Boot, pagefile, system disks on single HBA

42 Feature Highlights
Volume Shadow Copy Snapshot Technology
Shadow Copy Service
Shadow Copy Restore
Hardware (Transportable) Shadow Copies
Virtual Disk Service
Open File Backups
Data Freighting: clone volumes and move to another host on a SAN
Application Recovery Manifest: apps register info on how to backup and restore

43 Feature Highlights – VSS
This was codename TimeWarp. With the Shadow Copy feature to “View Previous Versions” of files, users can now take charge of recovering their own files. Before this feature the user had one of two choices if they accidentally deleted or saved over a file (instead of renaming it):
Call for IT help, which then leads to the process of tape backup recovery
Try to reconstruct the file themselves
Both these alternatives are time-consuming and a waste of valuable time. With this solution the user simply clicks a Folder Task, sees all versions of the affected files, and recovers them instantly.

44 Feature Highlights
Group Policy
Many new settings (as in Windows XP Pro)
RSOP – Resultant Set of Policy
Cross-Forest Support
Modeling (calculate net effect of multiple GPOs)
WMI Filters
GPMC Coming Soon – Enables:
Backup and restore of Group Policy objects (GPOs)
Import/export and copy/paste of GPOs
Reporting of GPO settings and Resultant Set of Policy (RSoP) data
Use of templates for managed configurations
All GPMC operations to be scripted
Management of all sites and domains and multiple forests
Drag-and-Drop support

45 Feature Highlights – Terminal Services
MSI, MMC and Web (ActiveX)
Full client included with Windows XP
Improved usability:
Full screen connection bar
Save connection settings from same UI
Enhanced client error messages (40+ new messages)
High color (up to 24-bit), 1600x1200
Resource redirection: audio output, Windows key combos, disk drives and printers (local and network), serial devices, smart card, clipboard (+files)
Full desktop or specific application
Network and Performance Improvements:
Increased network bandwidth savings over RDP 5.0
Remote ‘experience’ turns off wallpaper, visual styles etc. depending on network connection
Auto-reconnect
Enhanced security:
128-bit bi-directional RC4
User prompted if redirections enabled

46 Feature Highlights
Networking
IPv6 (requires reboot after installing; command line only configuration – no UI yet)
DNS:
Stub zones (contain only enough resource records to identify the authoritative name server)
Conditional forwarding (forwards queries based on domain name)
Auto-configuration of forest root _msdcs domain as a forest-wide DNS partition for all DNS servers
DHCP: Client Alternate Configuration; improved backup and restore
Point-to-Point Protocol over Ethernet (PPPoE – RFC 2516): routing and outbound only; cannot accept inbound PPPoE
IPSec over NAT (IKE protocol auto-detects NAT and switches to UDP-ESP encapsulation per IETF’s IP Security Working Group)

47 Feature Highlights
Networking
RADIUS failover, proxy load balancing
Wireless passwords sent over 802.1x
VPN: VPN Quarantine; works over NAT

48 Feature Highlights
Message Queuing
MSMQ 3 clients use LDAP to talk to AD – MSMQ can be installed on non-DCs.
Queue aliases and distribution lists allow mail subscriptions to include queues, including private ones through the use of an alias.
Triggers are built-in – no longer an SDK add-on
Internet messaging – URL access to submit to queues using HTTP
Messaging over SOAP/HTTP in XML
Load balancing
Firewall friendly

49 Manageability Feature Highlights
Improved ACL Editor
Software Update Services
Enhanced WMI: Event Correlation Components; Event Forwarding Components; WMIC (WMI Command Line); added namespace providers; improved WMI Security
Improved Help & Support
ntcmds.chm – Command line utilities documentation
All tools fully remotable: /S ServerName

50 Feature Highlights
Distributed File System
Multiple roots on a single server
Ability to control FRS staging location on non-DCs
Ability to filter links for large DFS roots
Ability to define scheduling per-link for replication
Ability to define replication topologies
Uses AD site metrics to locate closest DFS share

51 Feature Highlights
Windows Media Services 9 Series: Fast
Fast Stream – Stream data to WMP9 faster
Fast Cache – Stream data ahead to counter drops in network
Fast Recovery – Uses Forward Error Correction to provide redundant packets to wireless clients
Fast Reconnect – Auto reconnects broken connections
New Plug-In Architecture: > 1,000 interfaces
Usage Scenarios: 7x24 Internet radio; terrestrial radio with AFTRA support (ad replacement); corporate TV

52 Feature Highlights
Windows Media Services 9 Series: Other
Server-side playlists
On-demand streaming to PCs and devices
Ad logging
Content in playlists adjustable on the fly
Performance Enhancements: 2x faster than Windows 2000; 4x faster than Real Server; 2x faster than Apple

53 Feature Highlights
For Developers
Fusion – Side-by-Side DLL support
Applications use a manifest which details which DLL versions they need
DLL Loader uses SxS Manager to load proper version
Comctl32.dll v5 versus Comctl32.dll v6 (XP)
Component Services (COM+ 1.5)
Enhanced Isolation levels
Application pooling (like IIS 6 web gardens)
Pause/Disable/Dump applications

54 Features Missing – 32-bit
Universal Plug and Play (UPnP)
NetBEUI
Network Interface Cards – MSKB
Modems – MSKB
Visual Basic 5.0 Runtime – MSKB

55 Features Missing – 64-bit
16-bit Support
ACPI (except for 64-bit fixed tables)
ASP.NET State Service
Compressed (zipped) Folders
DirectMusic
DVD video playback support
Enterprise Memory Architecture
Fast User Switching
Fax support
Hot Add Memory
IEEE 1394 audio support
Internet Connection Sharing (ICS)
Internet Connection Firewall (ICF)
Internet Locator Service (ILS)
IPX (incl. SNMP over IPX)
Client for NetWare
Services for Macintosh
NetBIOS
OSPF
.NET Framework
NetMeeting
Network Bridge
Network Setup Wizard
Recovery Console (as startup option; can still be used from CD)
Remote Assistance
Server Appliance Kit (SAK)
Speech recognition
Themes
Windows Media Player
Windows Media Services
Windows Product Activation

56 Upgrading from NT 4.0
In-Place Upgrade:
Configure DNS on PDC
Upgrade PDC to Windows Server 2003
Prevent PDC Locator Overload
Synchronize FRS with directory replication master
Verify AD configuration and functionality
Add additional DCs to Windows 2003 Domain
Domain at Windows 2003 Functional Level

57 Upgrading from NT 4.0
Configure DNS on PDC – Two methods:
Install and configure DNS on PDC. Do this if: the domain that you are upgrading is the root domain of the Windows 2003 forest; the domain is going to exist in your system for a long period of time; the domain must maintain its own DNS operations.
Reference a DNS server in the parent domain. Do this if you have already configured DNS for Active Directory in your environment, and the domain that you are upgrading is a temporary domain.

58 Upgrading from NT 4.0
Upgrade PDC to Windows 2003
Use winnt32.exe
NT4 SAM copied into AD
After AD overhead is added, this could result in too much data being replicated to NT4 BDCs in the domain.
As long as you have NT4 BDCs, limit AD to fewer than 40,000 objects

59 Upgrading from NT 4.0
Prevent PDC Locator Overload
Feature for NT domains with a lot of Windows 2000 and Windows 2003 servers and XP Pro clients
Windows 2003 DCs may not be able to authenticate all clients initially
If your domain has Win2000/XP clients, configure Windows 2003 DC to emulate Windows NT to enable these clients to authenticate.
Upgrading clients in the domain without upgrading more than one DC eliminates load balancing and fault tolerance on the DC.
Even if your domain includes only a few Windows 2000 or Windows 2003 clients, it is best to configure the Windows 2003 domain controller to emulate NT4.
Configure DC to emulate NT4 DC after installing Windows 2003 but before running DCPromo.

60 Upgrading from NT 4.0
Synchronize FRS with directory replication master
After upgrading the NT4 PDC to Windows 2003, configure a script file to copy the files in the Sysvol folder to the BDC that provides export services to other NT4 BDCs in your domain.

61 Upgrading from NT 4.0
Verify AD configuration & functionality
Examine the event log on the BDCs for events that confirm that objects created after you completed the upgrade process replicated to the BDCs. Event ID 5715 in the System event log indicates that the BDCs synchronized with the Windows 2003 DC.
Make sure you can:
Add users to the domain
Log on to the domain from a client workstation
Replicate changes throughout the environment
Run services in the domain
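
The verification step above is easy to do by hand for one BDC and tedious for many, so here is an added Python example (not from the slides, and not a Microsoft tool) that scans exported System event logs from several BDCs for Event ID 5715 from NETLOGON naming the upgraded PDC, and lists the BDCs that still have not logged it. The export layout (timestamp, event id, source, message) and the log lines, including the paraphrased NETLOGON message texts, are constructed sample data; `PDC2003` and the BDC names are placeholders.

```python
# Added example (not from the slides): finds NT4 BDCs whose System log does
# not yet contain Event ID 5715 from NETLOGON naming the upgraded PDC.
# The export layout and all log lines below are constructed sample data.
import csv
from io import StringIO

# Constructed exports, one per BDC: timestamp,event_id,source,message
SAMPLE_EXPORTS = {
    "BDC1": "2003-01-15 09:02:11,5715,NETLOGON,The full synchronization replication of the SAM database from the primary domain controller PDC2003 completed successfully.\n"
            "2003-01-15 09:05:40,6005,EventLog,The Event log service was started.\n",
    "BDC2": "2003-01-15 09:03:02,5716,NETLOGON,The partial synchronization replication of the SAM database from the primary domain controller PDC2003 completed successfully.\n"
            "2003-01-15 09:10:00,5715,NETLOGON,The full synchronization replication of the SAM database from the primary domain controller PDC2003 completed successfully.\n",
    "BDC3": "2003-01-15 09:04:12,5719,NETLOGON,No Windows NT Domain Controller is available for domain CORP.\n",
}


def synchronized_bdcs(exports, pdc_name, event_id=5715):
    """Map each BDC name to True when its log holds a matching 5715 event."""
    status = {}
    for bdc, text in exports.items():
        found = False
        for row in csv.reader(StringIO(text)):
            if len(row) < 4:
                continue                       # malformed or blank line
            eid, source = row[1].strip(), row[2].strip()
            message = ",".join(row[3:])        # message may itself contain commas
            if (eid == str(event_id)
                    and source.upper() == "NETLOGON"
                    and pdc_name.upper() in message.upper()):
                found = True
                break
        status[bdc] = found
    return status


def unsynchronized(exports, pdc_name):
    """BDCs that have not yet reported a full sync from the named PDC."""
    return sorted(bdc for bdc, ok in synchronized_bdcs(exports, pdc_name).items() if not ok)


if __name__ == "__main__":
    print("synchronized:", synchronized_bdcs(SAMPLE_EXPORTS, "PDC2003"))
    print("still pending:", unsynchronized(SAMPLE_EXPORTS, "PDC2003"))
```

Matching on the PDC name in the message is deliberate: a 5715 from a different replication partner (or one logged before the upgrade) should not count as proof that this BDC synchronized with the new Windows 2003 DC.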

62 Upgrading from NT 4.0
Add additional DCs to Windows 2003 Domain
Do this for redundancy:
Install Active Directory on a Windows 2003 member server
Upgrade Windows NT 4.0 BDCs

63 Upgrading from Windows 2000
In-Place Upgrade or DCPromo (promote) Windows 2003 member server
ADPrep (copies the files 409.csv and dcpromo.csv from the i386 directory to the local computer to prepare the AD forest and domain)
/Forestprep
/Domainprep
Logs to \system32\debug\adprep

64 Upgrading from Windows 2000
Install AD on a Windows 2003 member server
Wait for replication to complete
Complete upgrade of first domain
Upgrade remaining domains: run ADPrep /domainprep in other domains first
Raise forest and domain functional levels
After upgrade, forest is at Windows 2000 functional level
If all Windows 2000 domains are in native mode, domain functional level is automatically raised to Windows 2000 native after you upgrade the first DC to Windows 2003.

65 .NET Framework
What’s the relationship between Windows Server 2003 and the .NET Framework?
Hidden components that cannot be removed!
RC2 ships with .NET Framework 1.1
Platform within a Platform: object-oriented programming environment; code execution environment
.NET Framework includes four components: Smart Clients; XML Web Services; Microsoft .NET Enterprise Servers; Developer Tools & Environments

66 .NET Framework
Smart Clients
Windows XP Professional
Windows XP Embedded
Microsoft CE.NET
Smart Devices: Tablet PCs, PocketPCs, PocketPC Phone Edition, Windows Powered Smartphone
XBox

67 .NET Framework
XML Web Services
Simple Object Access Protocol (SOAP) used to expose useful web services to users
Web Services Description Language (WSDL) provides web services with a way to describe themselves
Universal Discovery Description & Integration (UDDI) used to register web services so users can find them
You create web-based applications where you define an XML Web service as a software service exposed on the Web through SOAP, describe it with a WSDL file, and register it in UDDI.
XML/SOAP/WSDL/UDDI all Industry Standards, defined by W3C

68 .NET Framework
Microsoft .NET Enterprise Servers
Application Center 2000
BizTalk Server 2000
Commerce Server 2000
Content Management Server 2001
Exchange 2000
Host Integration Server 2000
ISA Server 2000
Mobile Information Server 2001
SharePoint Portal Server 2001
SQL Server 2000
Windows Server 2003

69 .NET Framework
Developer Tools & Environments
Microsoft Visual Studio .NET: Visual Basic, Visual C++, C#
Versions: RC1 = v1.0; RC2 & RTM = v1.1
Upgrading from RC1 to RC2 discussed in MSKB

70 XML Web Services Image courtesy Microsoft Corp.

71 XML Web Services Image courtesy Microsoft Corp.

72 XML Web Services Image courtesy Microsoft Corp.

73 XML Web Services Image courtesy Microsoft Corp.

74 Links
Windows Server History
Windows Server 2003 Product Home
Windows Server 2003 Developers
IIS 6.0 Technical Overview

75 Downloads
IIS 6.0 Monitor
Windows System Resource Manager
Group Policy Management Console Beta 2
Exchange 2003 Beta 2 (plus Outlook 11)
Windows Application Toolkit 2.6

76 Questions?
Technical Perspective
Scott Schnoll
MCT, MCSE, MCSA, Microsoft MVP
Product Support Manager – TNT Software
President – NOBUG
© Copyright Scott Schnoll – All Rights Reserved
Microsoft, Windows, and other referenced marks are property of Microsoft Corporation and used herein with permission

